The National Cyber Security Center (NCSC) is a part of the UK’s Government Communications Headquarters (GCHQ). If you are like me, you may have only heard about GCHQ in an unflattering context, that of working with US intelligence agencies to spy on foreign heads of state and hack foreign agencies.

If you ask a group of cybersecurity experts what should be included in a Cybersecurity Incident Response Plan (“CIRP”), you will get a wide variety of answers. Happily, many of those answers contain similar themes including these ten important considerations your organization should be aware of when creating and managing a CIRP.

Until employers start to prioritise information security, then the culture won’t change and employers will continue to make mistakes. But if those mistakes do happen and data is breached, then employers need to be smart and act quickly to ensure the best possible defence is available.

IS ROI on cyber really as high as it may seem at first glance? At some point, it may be better to consider cyber risk as a “cost of doing business”. If you can’t actually reduce the likelihood of a breach, can you at least increase the likelihood of prompt detection and response?

Should we give up auditing information security and the management of cyber risk? Not at all. But we should do so with eyes wide open. We should recognize the limitations of our knowledge, tools and techniques and the likelihood that hackers have new techniques that are unknown both to auditors and management.

This case reminds organizations that CASL applies to any form of CEM, even text messages, used to promote products and services, and that the CRTC is actively monitoring and responding to complaints involving different types of CEMs.

We want all decision-makers to consider all the potential consequences of their decision (in fact, all the potential consequences for each option on the table) before making an informed and intelligent judgment. What if the quality of decision-making was a significant factor in assessing performance? Thus affecting compensation and career progression. This idea could help drive effective risk management.

Senior management must understand the state of information or cyber security today and how it affects enterprise objectives and the delivery of value to customers and other stakeholders. A number of recent publications talk to this topic.

Many internal investigations (such as harassment claims, fraud, misuse of company assets, etc) often involve the use of digital devices and may require a forensic analysis of those devices to find evidence of an employee’s actions.

It is best to remain abreast of developments in this matter, in order to clearly identify and be up-to-date on any guidelines concerning the disclosure of the content of messages between individuals in a judicial context.

You’ve been asked to review the digital activity of an employee. Your company has some concerns, and wants you to investigate. With the amount of enterprise-level technology and controls that most companies now have, shouldn’t that be fairly straightforward?

The possibility of arbitrary searches of the electronic devices of persons crossing into the US continues to raise concerns among Canadians and, in particular, privacy regulators. Recent statements (and subsequent legislative amendments) are attempting to address some of the legal issues.

The following discussion provides a general description of blockchain and distributed ledger technologies (DLT) and the current state of the regulatory landscape in Ontario. To date, the Ontario Securities Commission has not explicitly categorized a blockchain token or coin (which are further discussed below) as an investment contract or other type of security under section […]